<?php 
session_start();
require_once '../common/config.inc.php';

// A browser whose session already carries the "admin" marker skips the login
// form entirely. The marker is the only thing checked here, so the strength of
// this gate is the strength of the session itself.
// NOTE(review): cookie flags (HttpOnly/Secure/SameSite) are not set in this
// file - confirm they are configured in php.ini or config.inc.php.
if (isset($_SESSION['admin'])) {
    header('Location: AdminHome.php');
    exit;
}
?>
<?php include("../common/db.inc.php");?>
<?php
// At file scope this declaration has no effect; it only matters if this script
// is ever included from inside a function. init() below creates the array.
global $divDisplayStyle;

	// Process the request before any markup is emitted: a successful login sends a
	// Location header and exits inside loginUser(), which requires that no output
	// has been sent yet. init() is declared further down in this same file.
	init();		
	
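	/**
	 * Request dispatcher for the login page.
	 *
	 * Resets the per-request display state and, when the form was posted with
	 * operation=login (the hidden field filled in by doPost() on this page),
	 * hands over to loginUser(). Any other request just hides the result area.
	 *
	 * NOTE(review): the login POST carries no CSRF token; nothing on this page
	 * generates or checks one.
	 */
	function init(){
		// Quoted keys: a bare word such as divDisplayStyle is an undefined
		// constant, which PHP 8 turns into a fatal error.
		$GLOBALS['divDisplayStyle'] = array();

		// The template echoes this message on every request, so give it a value
		// even when no login attempt was made.
		if (!isset($GLOBALS['operateResult'])) {
			$GLOBALS['operateResult'] = '';
		}

		// A plain GET has no "operation" field; read it without raising a notice.
		$operation = isset($_POST['operation']) ? $_POST['operation'] : '';

		// Strict comparison also rejects array-valued input (operation[]=...).
		if ($operation === 'login') {
			loginUser();
		} else {
			$GLOBALS['divDisplayStyle']['operateResultDiv'] = 'display:none';
		}
	}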
	
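	/**
	 * Authenticates the posted userid/password pair against medcdb.t_user.
	 *
	 * On success the session ID is regenerated, the userid is stored under
	 * $_SESSION["admin"] (usertype 1) or $_SESSION["user"] (any other type),
	 * and the browser is redirected; the function does not return in that case.
	 * On failure a generic message is placed in $GLOBALS['operateResult'] and
	 * the result area is made visible.
	 *
	 * Security notes:
	 *  - The query is still assembled as a string because executeQuery() takes
	 *    raw SQL. Until that helper accepts bound parameters, the userid is
	 *    restricted to a fixed ASCII alphabet that cannot contain a quote or a
	 *    backslash, and the password only ever reaches the query as an MD5 hex
	 *    digest. Widen the pattern if real user ids need other characters, but
	 *    keep quote and backslash excluded.
	 *  - NOTE(review): the query compares against an unsalted MD5 digest, so
	 *    stored passwords are presumably unsalted MD5. Plan a migration to
	 *    password_hash()/password_verify().
	 *  - NOTE(review): the form caps passwords at 10 characters (maxLength on
	 *    the password input) and no attempt throttling is visible in this file.
	 */
	function loginUser(){
		$userid = isset($_POST['userid']) ? $_POST['userid'] : '';
		$password = isset($_POST['password']) ? $_POST['password'] : '';

		$userArray = array();

		// Reject array-valued fields and any userid outside the allow-list before
		// it can reach the SQL text. The 20-character cap mirrors the maxLength
		// of the userid input on this page.
		$inputIsSafe = is_string($userid)
			&& is_string($password)
			&& preg_match('/\A[A-Za-z0-9_.@-]{1,20}\z/', $userid) === 1;

		if ($inputIsSafe) {
			$password = md5($password);
			$sql = "SELECT * FROM medcdb.t_user where userid='$userid' and password='$password'";
			$connection = getMEDCConnection();
			$userArray = executeQuery($sql, $connection);
		}

		// is_array() guards against a helper that signals failure with false/null.
		if (is_array($userArray) && count($userArray) > 0) {
			// Issue a fresh session ID at the privilege change so an ID that was
			// known before login cannot be reused afterwards (session fixation).
			session_regenerate_id(true);

			$usertype = $userArray[0]["usertype"];
			if ($usertype == 1) { // admin; loose compare because the column type is not visible here
				$_SESSION["admin"] = $userid;
				header("Location: AdminHome.php");
				exit();
			}

			$_SESSION["user"] = $userid;
			header("Location: ../user/UserMain.php");
			exit();
		}

		// One message for every failure mode, so the response does not reveal
		// whether the userid exists.
		$GLOBALS['operateResult'] = "Invalid user id or password!";
		$GLOBALS['divDisplayStyle']['operateResultDiv'] = "display:inline";
	}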
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="keywords" content="" />
<meta name="Description" content="" />
<meta name="author" content="" />
<title>User Login</title>
<link rel="stylesheet" type="text/css" href="../css/medc.css" />
<script language="JavaScript" type="text/javaScript" src="../js/medc_common.js"></script>
<script language="JavaScript" type="text/javascript">	
	/**
	 * Click handler for the Login button: runs the client-side checks and, if
	 * they pass, marks the request as a login and submits the form.
	 *
	 * The `operation` argument is accepted but not read; the hidden field is
	 * always set to "login".
	 *
	 * NOTE(review): the button is type="submit" and its onclick does not return
	 * a value, so returning early here probably does not stop the browser's own
	 * submission. The server must not rely on this check.
	 */
	function doPost(operation){
		var checksPassed = validate() != false;
		if (checksPassed) {
			var loginForm = document.forms["medcform"];
			document.getElementById("operation").value = "login";
			loginForm.submit();
		}
	}
	
	/**
	 * Usability check that both login fields contain something other than
	 * whitespace. Shows an alert naming the first offending field.
	 *
	 * This runs in the browser and can be bypassed by posting directly, so it
	 * is a convenience only; the server-side handler has to validate again.
	 *
	 * @returns {boolean} false if a field is blank, true otherwise.
	 */
	function validate(){
		// Checked in this order so the userid alert takes precedence.
		var requiredFieldIds = ["userid", "password"];
		for (var i = 0; i < requiredFieldIds.length; i++) {
			var fieldId = requiredFieldIds[i];
			var fieldValue = document.getElementById(fieldId).value;
			if (isWhitespace(fieldValue)) {
				alert(fieldId + " can not be empty!");
				return false;
			}
		}
		return true;
	}
</script>
</head>

<body>
	<!--Top area-->
	<div id="toparea">
		<?php include "../common/header.inc.php"?>
	</div>	
	<div style="text-align:center;width:300px;margin:0 auto;margin-top:50px;">
		<div style="margin:0 auto;width:300px;font-weight:bold;border-bottom:1px solid gray;">Log in to the administrator panel</div>
		<form action="AdminLogin.php" method="post" name="medcform">
			<input type="hidden" name="operation" id="operation" />
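			<p><?php /* Quoted key (a bare operateResult is an undefined constant on PHP 8); guarded and HTML-escaped so the message is safe to print even if it is unset or later built from request data. */ echo isset($GLOBALS['operateResult']) ? htmlspecialchars($GLOBALS['operateResult'], ENT_QUOTES, 'UTF-8') : ''; ?></p>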
			<!--Main area-->			
			<table style="line-height:30px;margin:auto;">							
				<tr>
					<td align="left"><label for="userid">User Id</label></td>
					<td align="left"><input type="text" name="userid" id="userid" maxLength="20" size="20" /></td>
				</tr>
				<tr>
					<td align="left" valign="bottom"><label for="password">Password</label></td>
					<td align="left">			
						<input type="password" name="password" id="password" maxLength="10" size="20" />			
					</td>
				</tr>
				<tr>
					<td colspan="2" style="text-align:right;">
						<input type="submit" name="Login" value="Login" id="Login" onclick="doPost('login')" /></td>				
				</tr>
			</table>		
		</form>
	</div>
	
	<div class="myclear"></div>
	<div id="footer">
		<?php include "../common/footer.inc.php";?>
	</div>
</body>
</html>
